
Approved

You are recommended to read the full content of the post before using this query. It is not simply a copy-and-paste query like others in the forum. It is valuable in the right situation.

Check for conflicting windows security software

  REVIEWED by Sophos 

Customers confronted with unexplainable red statuses and installation/update issues were helped by this:

-------

select * FROM windows_security_products
WHERE name is not 'Windows Firewall'
and name is not 'Microsoft Defender Antivirus'
and name is not 'Sophos Anti-Virus'

 

-------

Which produced a list of machines running conflicting anti-virus software, so that the IT department could do their magic on them.

In some cases (I have seen Polish and Chinese names for the Firewall and Defender entries), you'd need to add those names, e.g.

and name is not 'Windows 防火墙'
and name is not 'Windows Defender 防病毒'
and name is not 'Zapora systemu Windows'
and name is not 'Program antywirusowy Windows Defender'

I'm sure there are prettier ways of doing this; I'm not a SQL specialist.

  • This alternative will show you all other products besides Sophos AV, Windows Firewall, and Defender (only if disabled) - if Defender is 'On', it will still show up (even though this technically shouldn't happen).

    SELECT * FROM windows_security_products
    WHERE name not like '%Sophos%'
    AND name <> 'Windows Firewall'
    -- hide Defender only when its state is 'Off'
    AND NOT (name like '%Defender%' AND state = 'Off')

    Another way to go would be to ensure Sophos AV is in an 'On' state and only exclude products that are in an 'Off' state.

    SELECT * FROM windows_security_products
    WHERE name <> 'Windows Firewall'
    AND state = 'On'
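
Added example, not part of the original post or the reply above: a Python script that builds the post's query with a single NOT IN list covering the localized names it mentions, then runs it over constructed rows in an in-memory SQLite table standing in for windows_security_products. The stand-in table carries only the type, name and state columns, and 'Example AV' and 'Example Firewall' are made-up products.

```python
import sqlite3

# Expected product names, all taken from the post (English, Chinese, Polish).
EXPECTED = [
    "Windows Firewall", "Microsoft Defender Antivirus", "Sophos Anti-Virus",
    "Windows 防火墙", "Windows Defender 防病毒",
    "Zapora systemu Windows", "Program antywirusowy Windows Defender",
]

def build_query(expected):
    """Return the query text with one NOT IN list instead of chained clauses."""
    # Double any single quote so a name cannot break out of its SQL literal.
    literals = ", ".join("'" + n.replace("'", "''") + "'" for n in expected)
    return ("SELECT name, type, state FROM windows_security_products\n"
            f"WHERE name NOT IN ({literals})\n"
            "ORDER BY name")

# Constructed sample rows (type, name, state); not real endpoint output.
SAMPLE_ROWS = [
    ("Antivirus", "Sophos Anti-Virus", "On"),
    ("Antivirus", "Program antywirusowy Windows Defender", "Off"),
    ("Firewall", "Windows 防火墙", "On"),
    ("Antivirus", "Example AV", "On"),
    ("Firewall", "Example Firewall", "Off"),
]

def unexpected_products(rows, expected=EXPECTED):
    """Run the generated query over rows loaded into a stand-in table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE windows_security_products "
               "(type TEXT, name TEXT, state TEXT)")
    db.executemany("INSERT INTO windows_security_products VALUES (?, ?, ?)", rows)
    result = db.execute(build_query(expected)).fetchall()
    db.close()
    return result

if __name__ == "__main__":
    print(build_query(EXPECTED))
    for row in unexpected_products(SAMPLE_ROWS):
        print(row)
```

With only the three English names in the list, the localized Defender and Firewall rows come back as if they were conflicting products, which is the case the post warns about.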